VERIZON: Outside Threats Dominate Data Breaches

Verizon Business recently released some of the results of its 2012 Data Breach Investigations Report, which took into account around 90 of the 855 global breaches the company tracked last year. Among the most glaring results is the fact that outside threats were main cause of data breaches in 2011.

According to the report, which will be released in full at a later date, more than 85 percent of the incidents reviewed were the results of hacker cyberattacks. Overall, 92 percent of data security events originated outside company walls, the report found.

“[Last year] was an interesting year in cybercrime. From mini-breaches to mega-breaches, and from ‘hacktivism’ to espionage to money-driven crime syndicates, there was plenty going on to keep [information security] professionals awake at night,” the sample report stated.

In 2010, outsiders accounted for 88 percent of all incidents, which reveals that companies should be fearing this threat even more moving forward. At the same time, the rate of insider data breaches continued to decline in 2011, slipping to 5 percent of all incidents. Two years ago, insiders were responsible for 10 percent of breaches.

Moving forward, companies should expect this trend to continue, with outside risks continuing to grow in both volume and sophistication, Wade Baker, director of research and intelligence at Verizon Enterprise Solutions, told Dark Reading. It’s important that companies align their data and Internet security strategies accordingly.

Other analyses of 2011 data breaches also highlighted the growing risk hackers pose to data protection.

Earlier this year, the Identity Theft Resource Center (ITRC) released its own study on the matter, and revealed that “a targeted intrusion of a data network,” such as those launched by hackers, caused 26 percent of last year’s data breaches. The loss of data in transit, which accounted for 18 percent of breaches last year, was second on the list of causes, followed by insider theft of information, which accounted for 13 percent.

“Any efforts to accurately quantify the actual number of breaches, and resulting number of compromised records, are stymied in the absence of mandatory reporting on a national level,” said ITRC program director Karen Barney.

Overall, the ITRC looked into 419 reported incidents. It found that more than 22 million records were exposed, and 62 percent of breaches involved Social Security numbers and 27 percent were centered on the theft of payment card information.